From cd71c131dd886c48ae49dd3b7e213fccd14cfb18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?=
Date: Fri, 9 Oct 2020 14:57:29 +0900
Subject: [PATCH 1/2] Revert "sys-apps/systemd: Drop the resolv.conf workaround"
This reverts commit c414b38c7c56dafb05a86040443c634763527f05.
The real DNS server IP addresses should be in /etc/resolve.conf and not just 127.0.0.53 because all cases that bind-mount /etc/resolve.conf into a new network namespace can't reach the loopback interface that resolved is listening on.
---
 .../coreos-overlay/sys-apps/systemd/systemd-9999.ebuild | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index 4b2315117e..aefba443c4 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -179,6 +179,14 @@ src_unpack() {
 src_prepare() {
 # Flatcar: We don't have separate patches, so no patching code here.
+ #
+ # Flatcar: Use the resolv.conf managed by systemd-resolved.
+ # This shouldn't be necessary anymore. Added because of a bug
+ # https://github.com/systemd/systemd/issues/3826, which is
+ # apparently resolved in
+ # https://github.com/systemd/systemd/pull/5276.
+ sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die
+
 default
 }
From 879b0c4eb502ca59fc9ca996c48295eb6b8333a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?=
Date: Tue, 13 Oct 2020 13:45:27 +0900
Subject: [PATCH 2/2] sys-apps/systemd: Document why resolv.conf contains real IP addresses
---
 .../coreos-overlay/sys-apps/systemd/systemd-9999.ebuild | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
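Review bot: The re-added `sed -i` line in src_prepare() only dies when sed itself fails; if a future upstream tmpfiles.d/etc.conf.m4 no longer contains the `stub-resolv.conf` reference, the substitution matches nothing, exits 0, and the workaround silently stops applying, so /etc/resolv.conf would quietly point back at the stub file the commit message says is unusable from a bind-mounted network namespace. Assert the pattern before rewriting, e.g. `grep -q 'stub-resolv\.conf' tmpfiles.d/etc.conf.m4 || die "resolv.conf workaround no longer applies to tmpfiles.d/etc.conf.m4"` placed directly above the existing sed line. The restored comment block also deserves a one-line caveat that lookups through /run/systemd/resolve/resolv.conf go straight to the upstream servers and, as far as I recall from resolved's documentation, bypass the stub's caching, DNSSEC validation and DNS-over-TLS handling, so the trade-off is visible to whoever next reconsiders this. src_prepare() continues past the end of the hunk.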
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
index aefba443c4..b3149162dc 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-9999.ebuild
@@ -184,7 +184,10 @@ src_prepare() {
 # This shouldn't be necessary anymore. Added because of a bug
 # https://github.com/systemd/systemd/issues/3826, which is
 # apparently resolved in
- # https://github.com/systemd/systemd/pull/5276.
+ # https://github.com/systemd/systemd/pull/5276 but another reason is
+ # that when /etc/resolve.conf is bind-mounted to a new network
+ # namespace it shouldn't contain the loopback IP address of the host
+ # which is not reachable from another network namespace.
 sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/etc.conf.m4 || die
 default
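Review bot: The added comment names the file `/etc/resolve.conf`, but the path managed by the sed on the following line is `/etc/resolv.conf`; a misspelled path in the rationale sends the next maintainer looking for a file that does not exist. Change the line to `# that when /etc/resolv.conf is bind-mounted to a new network`. The phrase "the loopback IP address of the host" would be easier to match against the file's contents if it named the stub address the first commit's message gives, e.g. `# namespace it shouldn't contain the host's stub address 127.0.0.53,`. src_prepare() starts before and ends after this hunk.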